I'm trying to use python requests to login into a website. The only catch is that it is based on SMF and uses sha1 to encrypt and send a hashed password. I know how it is encrypted but I don't where to get smf_session_id which is required to encrypt the password.
I've tried seeing looking through all the javascript files on the website but I can't find where it's defined. I've also tried seeing if the __cfduid or PHPSESSID have any relationship to it but it's different.
Python
payload = {
'user': 'user',
'passwrd': my_hash_function('pass') #I don't know where/how to get smf_session_id to complete the hash
with requests.Session() as s:
p = s.post('http://www.example.com/SMF/index.php?action=login2', data=payload)
print (s.cookies)
print ("Status Code: ", p.status_code)
payload = {'test': 'testparm'}
r = s.get('http://www.example.com/cgi-bin/vote_rank.cgi', data=payload)
print (r.status_code)
print (s.cookies)
print (r.headers)
Javascript
if (cur_session_id == null)
cur_session_id = smf_session_id;
doForm.hash_passwrd.value = hex_sha1(hex_sha1(doForm.user.value.php_to8bit().php_strtolower() + doForm.passwrd.value.php_to8bit()) + cur_session_id)